Life at UiPath

The people at UiPath believe in the transformative power of automation to change how the world works. Were committed to creating category-leading enterprise software that unleashes that power.

To make that happen we need people who are curious self-propelled generous and genuine. People who love being part of a fast-moving fast-thinking growth company. And people who careabout each other about UiPath and about our larger purpose.

Could that be you

Your mission

As a Security Operations Engineer II you are an experienced professional specializing in threat management and incident response. You handle the end-to-end process of investigating containing and remediating security incidents. You collaborate with Threat Intelligence and Detection Engineering teams to ensure that todays incidents become tomorrows prevented attacks. With a builders mindset you automate tasks that shouldnt be done manually and develop playbooks for those that should.

What youll do at UiPath

• Own incidents end-to-end - from real-time triage of SIEM EDR network identity and cloud telemetry through containment and eradication across those domains to written and verbal communication with technical and non-technical stakeholders.

• Conduct root cause analysis and close the loop with Product Engineering Technology Corporate and Security teams so each incident produces durable detections controls or playbook updates that prevent recurrence.

• Conduct proactive threat hunting across enterprise and cloud telemetry to identify and mitigate threats before they manifest as incidents.

• Develop and maintain incident response playbooks and runbooks and exercise them through drills and tabletops that surface gaps in readiness.

• Manage tune and contribute to detection and response tooling stack (SIEM EDR SOAR case management) contributing to roadmap and configuration standards. Provide technical guidance and mentorship to junior IR analysts and adjacent security teams.

• Automate routine SecOps tasks with a DevOps/IaC mindset and integrate security tooling via APIs including SOAR playbooks and supporting services.

What youll bring to the team

• Strong working knowledge of incident response frameworks (NIST 800-61 SANS PICERL) and a deep understanding of modern attacker TTPs malware behavior and MITRE ATT&CK.

• Solid understanding of operating system internals (Windows Linux macOS) networking protocols identity systems and at least one major cloud platform (AWS Azure or GCP) with preference for Azure

• Foundational understanding of malware analysis and digital forensics methodology. Analytical depth - performs complex analysis of network host identity and cloud logs and reaches sound conclusions under time pressure.

• Sound judgment under pressure - exercises discretion in selecting methods and tooling knows when to escalate and brings critical thinking and problem-solving to ambiguous situations.

• Effective use of coding agents (Claude Code Copilot Cursor) and LLM-based tools to accelerate detection development investigation and reporting - applying sound judgment around code validation sensitive data handling hallucination risk and chain of custody and able to advise on safe enterprise AI adoption.

Qualifications

• Minimum 3 years of experience in Security Operations roles (SOC analyst incident responder detection engineer threat hunter or equivalent).

• Demonstrated ownership of incidents end-to-end including containment decisions and stakeholder communication.

• Hands-on experience with at least one major SIEM (Sentinel Splunk Chronicle Elastic) and at least one EDR (Defender XDR CrowdStrike SentinelOne).

• Working scripting ability in one of the following: Python PowerShell Bash or Node;

• Working ability to author and tune KQL queries or similar languages for Analytics and Hunting rules. Practical experience using coding agents and/or LLM tooling in a professional workflow.

Maybe you dont tick all the boxes abovebut still think youd be great for the job Go ahead apply anyway. Please. Because we know that experience comes in all shapes and sizesand passion cant be learned.

Many of our roles allow for flexibility in when and where work gets done. Depending on the needs of the business and the role the number of hybrid office-based and remote workers will vary from team to team. Applications are assessed on a rolling basis and there is no fixed deadline for this requisition. The application window may change depending on the volume of applications received or may close immediately if a qualified candidate is selected.

We value a range of diverse backgrounds experiences and ideas. We pride ourselves on our diversity and inclusive workplace that provides equal opportunities to all persons regardless of age race color religion sex sexual orientation gender identity and expression national origin disability neurodiversity military and/or veteran status or any other protected classes. Additionally UiPath provides reasonable accommodations for candidates on request and respects applicants privacy rights. To review these and other legal disclosures visit our .

Required Experience:

IC